#Privacy: Avoid falling into the GDPR loophole

Were you aware that data privacy regulations like General Data Protection Regulation (GDPR) may have inadvertently created a security vulnerability? GDPR and other “privacy by design” laws, established to empower individuals to claim back control over their data and protect their identities, have allowed loopholes to occur – cybercriminals can easily take advantage of these […]

#Privacy: MCMC suspends contract of company responsible for data breach

The Malaysian Communications and Multimedia Commission (MCMC) has suspended the contract of the independent contractor Nuemera (M) Sdn Bhd. The 2014 data breach exposed the personal details of 46.2 million mobile phone subscribers, leaking the unique serial numbers linked to individual mobile phones, phone numbers, home addresses and names. The suspension was confirmed in a […]

#Privacy: Hundreds of thousands of CVs exposed online

Both Authentic Jobs and Sonic Jobs have exposed more than 200,000 CVs, subsequently making them publicly accessible to possible threat actors. Security researcher Gareth Llewellyn discovered the data breaches. Authentic Jobs, a US-based jobs board utilised by companies including the New York Times, made 221,130 CVs publicly accessible. Whilst Sonic Jobs, a UK jobs app […]

#Privacy: Researchers have devised a method to scoop unencrypted Tor network traffic data

Researchers have found a way to harvest unencrypted Tor network data from exit nodes and piece it together. Deloitte Canada researchers Adam Podgorski and Milind Bhargava have also claimed to be able to obtain personally identifiable information (PII) of mobile users. The irony is that Tor is an anonymising software and network, and allows traffic […]

#Privacy: Experts identify Whirlpool as owners of exposed database

An unusual web interface belonging to the Heartbeat monitoring service was discovered by security researcher Bob Diachenko. The publicly accessible instance contained graphs and descriptions, with the graphs backed by MongoDB-sourced data. Additionally, the database itself was set to public and hosted on the same IP as the Heartbeat instance. Following […]

#Privacy: Mississippi government agencies failing in cyber-security compliance

An analysis has revealed that Mississippi government institutions are not complying with industry-standard cyber-security practices. A survey of 125 state agencies, boards, commissions, and universities was conducted by The Auditor’s Office to check if they were meeting the requirements of the State of Mississippi Enterprise Security Program. The survey revealed that 54 of the […]

#Privacy: Imperva blames AWS stolen API key for data breach

The cybersecurity firm has released a detailed update on the security breach that was disclosed in August. The data breach at Imperva exposed the email addresses, API keys, scrambled passwords and SSL certificate of some firewall users. In the update, the company stated that following a thorough investigation with internal security teams and external forensics […]